Karen Hunter Aesthetics is committed to protecting the privacy and confidentiality of all individuals and takes its responsibilities regarding the security of data very seriously. We abide by the rules of the General Data Protection Regulation (GDPR) upheld by the Information Commissioner's Office (ICO). This includes processing any personal data lawfully, fairly and in a transparent manner.
What information do we collect about you and why?
As an Aesthetic Centre and as part of our service we will only collect information from you so that we can advise and/or arrange treatments and products that may be suitable for you. In the Aesthetics industry we collect a medical history, which provides us with all the relevant information that we need from you in order to provide you with a suitable product that meets your circumstances and requirements.
When obtaining information from you we will do this in person, by phone, email or post and will confirm the accuracy of the data collated. It is important that all the data we hold on you is accurate so that we can advise and/or arrange suitable treatments/products for you. The types of information we will collect from you include: contact details, ethnicity, gender, GP contact details, occupation, medical conditions, medication, past medical/aesthetic treatments, smoking and alcohol units. Where you provide your personal data on our consultation forms it will be taken as a positive action that you would like us to contact you for the purpose set out in this privacy statement.
Information from other sources
We may obtain information from other sources such as public/GP records, if required. This is to enable us to verify who you are or that the facts you have told us are accurate.
How will we use this information?
We will only use your data in ways that you would reasonably expect us to. The following summarises how we will use your data. We will use the information you provide to us to provide aesthetic and medical treatments. Where your circumstances or personal information have changed we will update our records, in accordance with GDPR. We will also use your data to assist with handling a complaint if you are not happy with the service you have received.
As part of our service we like to keep our customers up to date with new products or offers that are available and may be of interest. Therefore, we may contact you from time to time through email marketing, phone, text or other types of marketing material. If you wish to opt out of this at any point then please let us know. In the interest of improving our services, telephone calls may be monitored and/or recorded for training purposes and to assist us in handling a complaint. Where we record the call you will be informed of this.
The lawful basis on which we use this information
We use your information (as detailed above) under the lawful basis of legitimate interests. We have decided upon this basis as it allows us to meet the ICO rules and is the most suitable lawful basis for processing data with a view to arranging a treatment.
Where required we may forward your details on to regulatory authorities where we have a legal and safeguarding obligation to do so, to comply with our regulatory requirements. We may do this under the lawful basis of legal obligation.
What we will do to ensure the security of personal information
We will not share any of the information you provide with third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us regardless of whether the information is in electronic or physical format. We use leading technologies and security measures to safeguard your information and keep strict security standards to prevent any unauthorised access to it.
How long will we retain your data?
We will hold data for no longer than is necessary. Where we have provided a treatment we will keep your file, including your personal data and any call recording, on record for a minimum of ten years, in line with our regulatory obligation with our insurance company and the NHS Records Management Code of Practice for Health and Social Care 2016. Where we need to hold your file for longer than this, we will inform you.
What are your rights?
You have the right to:
- Be informed about how we use, share and store your personal information.
- Request access to the personal data we hold on you (also known as a Subject Access Request (SAR)). Where a SAR is requested, we will respond promptly and within one month from the date we receive the request.
- Request your personal data is amended if inaccurate or incomplete.
- Request your personal data is erased where there is no compelling reason for its continued processing, and we do not have a legitimate interest to retain it.
- Request that the processing of your data is restricted.
- Object to your personal data being processed.
- Exercise your rights in relation to automated decision-making and profiling.
Where the processing of your data is based on your consent, you have the right to withdraw this consent at any time by contacting us by phone or email. We do not use automated decision-making or profiling systems.
Where we need your consent we will ask for this separately. We do not use pre-ticked boxes or make assumptions that you have given your consent. Consent must be freely given, by positively opting in or by making a clear affirmative action that you are giving your consent. We will do our very best to ensure you know exactly what you are consenting to and remind you that you may withdraw your consent at any time by contacting us by email or phone. Where consent is obtained a record of this will be made confirming what you have consented to, the time and date and how consent was obtained.
Customers: Our customers are important to us; however, we appreciate that on some occasions you may wish to look elsewhere. If you do, we would like to stay in touch and therefore will ask for your consent in order for us to do so.
Potential Customers: Where you have expressed an interest in a treatment/product but have then decided not to proceed, we would like to keep in touch and will therefore ask for your consent to do so in case a product may be of interest to you at a later date.
Non-Customers: We will only send you information about regulated products or services if we have obtained your consent to do so.
Right to complain
We hope that the service you receive from us is to the high standard you would expect. If at any point you are unhappy with the way we have used your data then please notify Karen Hunter Aesthetics by email, post or phone using the details below. If you remain concerned about the way we collect or use your personal data you can raise your concern with the Information Commissioner's Office (ICO) on 0303 123 1113. For further details you may visit the ICO website www.ico.org.uk. We will tend to disclose the complainant’s identity to whomever the complaint is about; however, if you wish your identity to remain anonymous, we will try to respect that. We will keep your complaint on record for two years once closed or ten years if it also relates to how we provided a treatment and in line with our insurance policy and NHS Records Management Code of Practice for Health and Social Care 2016.
Changes to the information
We regularly review and, where necessary, update our Privacy Notice. If we plan to use personal data for a new purpose, our Privacy Notice will be updated and you will be notified.
How to contact us
If you wish to contact us about the above or any other matter then please contact us at:
Karen Hunter Aesthetics
4 Church Street
Tel: 07539 470449